RTF malware analysis — malicious · 9634d9b61d110185

MALICIOUS

RTF

4.7 KB First seen: 2020-05-14

MD5: aac4f0b1dd051107013ca0f243e7c9f6 SHA-1: eb73a8fedabbb544768af33d5663b3f4643d8485 SHA-256: 9634d9b61d1101856f0de87752a01d7a4f50db601f46d7b784557f88c7e1c4e7

60 Risk Score

Heuristics 2

\objupdate forces OLE activation high RTF_OBJUPDATE

RTF contains \objupdate — forces automatic OLE object instantiation when the document is opened, bypassing user interaction. Almost exclusively seen in Equation Editor exploit documents.
OLE object data medium RTF_OBJDATA

RTF contains 1 \objdata section(s) — embedded OLE objects

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`objdata_00_off00000099.bin`	rtf-objdata-decoded	RTF \objdata at offset 0x99	2103 bytes
SHA-256: `454063a8d1f6168c2f3bc99984bf7af2c962efb9e90ef337c3bb8d39f46290cf`

Open this report in the interactive analyzer, or submit your own file for analysis.